Day: September 17, 2005

Andrea Bittau (not blurry in real life) gave a demo of the WEP fragmentation attack. The attack only requires one sniffed packet from the WEPed network unlike replay attacks which usually require you to get an ARP packet. He built a simple tool to sniff a packet and then build packets to create a legitimate connection to the access point. At this point a server on the internet is contacted to flood the network with packets at up to 1400 packets per second. This generates a ton of unique IVs and aircrack is called every 100000 packets till the WEP key is cracked. In the demo it took under 5 minutes for the automated process to complete.

Bastille is an OS hardening tool for Linux. Jay Beale gave a presentation on how to “lock down” a system using it. Bastille can analyze your current setup and give you a rating based on how secure your system is. The program asks you questions based on your configuration (“Do you want to turn off ### service?”). It explains the possible consequences of taking the suggested actions. The process can be very educational. The system is modular so you can add your own modules by writing a few lines of Perl. Bastille can also generate configurations that can be deployed across multiple machines.

I made it into San Diego in good time and have already seen a Sony W800 and the iPod nano so TC7 is off to a great start. I’ve met some really cool people. Here are some pictures to prove it (or at least show what the backs of hacker’s heads look like).

Simple Nomad’s keynote was titled “How hackers get caught” which could have been subtitled “laughing at skiddies” as he gave several examples throughout. SN, founder of NMRC, has been hacking for years and proved this with his Bell Special Services hat.